►
From YouTube: CNCF Notary Project Meeting 2020-04-20
Description
CNCF Notary Project Meeting 2020-04-20
A
B
Hey
Dee
I'm,
Brian
I'm.
D
B
E
B
A
B
B
B
B
B
C
G
B
H
B
F
B
Thank
you
he's
awesome,
so
there's
two
things
kind
of
going
on:
we've
got
great
broad
community
engagement,
but
where
I
can
lots
of
different
extremes,
but
lots
of
good
ideas
coming
in,
but
we're
struggling
on
actually
getting
stuff
done
so
I
was
I
know
that
Omar
was
pushing
for
aw
Westside
to
get
a
solution
done
by
this
summer.
We
were
trying
to
get
something
done
by
this
summer.
That
was
probably
before
kovat.
B
We
still
need
to
get
something
done
by
summer.
We
have
some
internal
teams
that
have
been
building
on
the
docker
content,
trust
model,
because
it's
something
we
have
and
if
we
have
it,
that
must
be
usable,
so
they
were
using
it
and
different
teams
were
working
on
different
pieces
of
it
so
Brian's
way.
Brian
your
team
was
working
on
the
remote
key
management,
part
yeah.
A
B
Okay,
so
there's
that
part
of
it-
and
there
are
some
other
parts
that
are
working
on
some
content
signing
for
things
like
MCR
and
things
into
some
other
air
gap
cloud
movement
scenarios.
So
we
just
we've
had
these
fractions,
it's
a
big
company.
People
are
working
on
various
pieces
and
they're
making
great
efforts
in
their
area
these
the
way
I
was
referring
to.
B
So
with
that
said,
we
want
to
see
if
we
can
start
some
quick
iterations
on
some
things
with
what
we
know
today
with
the
full
assumption.
It
won't
be
the
final
solution,
but
it
will
be
something
that,
as
we're
iterating,
we're
learning
and
it
gives
Brian
his
team
a
chance
to
actually
make
progress
on
his
part,
probably
for
the
most
part,
won't
change,
but
we'll
learn
like
I
didn't
even
think
about
complete
offline
key
management.
B
B
We
didn't
want
to
go
off
and
do
it
just
in
a
Microsoft
lockdown
thing,
because
that
defeats
the
eight
defeats
the
purpose
of
what
we've
been
trying
to
do
on.
You
know
cross
cloud
as
well
as
we
didn't
want
to
come
later
on
going
hey
here.
We
go,
we
figured
it
out,
everybody
pile
on
and,
of
course,
that
doesn't
really
do
well
for
humans.
B
So
we
want
to
figure
out
how
we
can
get
something
going
quick
in
the
open,
but
with
a
focused
set
of
people,
not
excluding
people
per
se,
but
focused
invites
on
people
that
we
know
we
can
make
quick
progress.
What
the
assumption
is
that
we're
gonna,
you
know,
take
the
learnings
and
we
will,
you
know,
scramble
it
back
up
and
refactor
it.
That
was
it.
We
were
thinking
about
doing
an
env2
client
in
you
know
whether
I'd
like
to
do
it
under
the
notary
project.
B
F
I
think
it's
fine.
Under
nitrate,
we
having
I,
think
that's
fine
I
mean
I
survived
so
I
think
that
fits
in
with
the
kind
of
proposal.
I
just
write
in
that
talk,
so
I
know
if
we
run
the
risk
here.
I'll
just
read
everyone
now:
yeah.
B
F
B
B
B
B
B
B
C
C
C
C
C
C
B
B
F
A
B
B
So
I
know
massager
has
got
that
context
of
it.
So
let
me
let
me
kind
of
frame
a
little
bit
so
yeah
I
was
kind
of
just
trying
to
take
the
what
was
working
in
darker
content,
trust
and
then
fix
the
or
you
know,
I
fix
whatever
relieve
the
problems
were
we
couldn't
move
between?
Repos
are
moved
between
registries.
That
I
felt
was
the
biggest
blocker,
including
air-gapped
environments,
I'm,
not
opposed
to
what
conceptually
tough
is
trying
to
do.
The
problem
that
I've
got
with
tough
is
the
usability
and
the
basic.
B
In
order
to
make
it
work
the
complexity
of
what
it
it
does,
that's
the
part
that
concerns
me.
If
I
think
you
know,
I
keep
on
using
the
passport
or
the
whatever
you
want
to
call
you
I
just
use
password
the
passport
situation.
I
go
to
a
leave.
The
country
take
what
the
hell's
going
on
now
out
of
the
picture,
but
I
can
show
my.
B
F
B
F
F
But
anyway,
on
I'm
I
think
that
we
should
I
think
it
helps
if
we
basically
build
in
two
layers.
One
is
the
set
of
parameters
we
need
to
build.
This
type
of
thing
in
a
registry
at
this
type
of
thing
includes
things
like
tough,
but
it
might
also
include
other
things,
don't
so
so
we
know
that
kind
of.
Basically
what
these
things
like.
We
know.
We
need
a
standard,
our
signature
format
for
registries,
which
we
have
a
group
of
people
who
had
been,
who
have
got
opinions
on
which
we
can
turn
into
prototype
fairly
quickly.
F
B
F
Yeah
but,
and
then
I
think
that
then
I
think
you
need
some
standardized
like
for
tough.
You
need
a
couple,
a
few
document
formats
that
are
basically
in
this
barrel.
Many
that
anything
else
that
goes
into
our
CI
and
then
I
think
we
can
build
tough
just
from
those
primitives,
but
you
could
also
build
other
things
and
I
think
that
it
would
be
useful
to
build
that
house
as
a
prototype
of
what
what
primitives
you
actually
need
to
build,
there's
some
stuff
in
registry
and
to
show
that
we
can.
F
What
that
you
know
what
kind
of
implications
there
are
for
what
you
need
to
do,
I
think
I
was
only
old
Rossum
having
some
other
thoughts
of
others
running
you
down,
but
I
think
it
will
be
useful
to
have
a
concrete
demonstration
of
what
you
actually
need
and
I
would
actually
work
for
maybe
some
things
and
release
him
I
mean
obviously
something
really
simple
like
just
having
signatures.
You
can
check
because
that's
obviously
really
eat.
B
I'm
not
like
I,
said
in
honestly,
I'm
just
one
voice,
but
it's
not
that
I'm
against
having
it
more
secure.
Of
course,
the
problem
is,
what
does
it
take
in?
Is
it
reasonable,
like
yes,
my
passport?
Should
there
should
be
something
that
maybe
it's
my
point?
Biometrics
like
it
there's
a
fingerprint.
It
does
a
retinal
scan
or
something,
and
then
it
correlates.
That
thing
is
the
next
level
of
confidence.
B
That's
me,
the
problem
is:
do
I
have
to
have
a
retinal
scanner
everywhere,
I
go
and
that's
the
piece
that
I
haven't
been
able
to
understand
how
tough
can
make
things
practical
to
be
used
at
a
real
time,
production
deployed
environment
and,
if
I
and
it's
not,
that
we
shouldn't
exclude
them
per
se.
The
question
is:
is
it
a
layered
thing,
so
you
look
at
the
root
of
the
notary
project
scenarios
that
we
wrote.
B
H
H
F
That
is
effectively
what
I
mean
that's
effectively,
we've
that's
what
we've
largely
been
proposing
is
there's
no
and
that's
what
my
first
type
dog
in
the
dark
hair
suggests
as
well.
I
mean
we
don't.
We've
always
had
a
constraint
that
we
don't
want
to
implement
a
notary
specific
service
in
the
registry.
We
wanted
it
to
be
a
generic
part
of
the
registry
tricycle.
H
F
H
F
F
H
So
the
other
thing
that
I
think
we
were
also
in
line.
It's
I
think
it's
a
simultaneous
kind
of
like
description
that
we
did
and
aligns
very
well
with
the
doc
as
well,
which
is
we
want
some
kind
of
client
that
can
expose
the
rudimentary
capable
yes
I
stuff
that
can
push
something
and
pull
something
and
verify
the
signature
status,
the
minbar
from
a
client
perspective
and
I
think
yeah.
So
as
long
as
we're
kind
of
aligned
on
the
on
the
client
kind
of
offloading
all
the
implementation
there's
not
much.
D
So
that
we
can
one
quick
question:
Steve
in
your
dark
Justin,
we
talked
about
proposing
something
and
Justin
wanting
something
a
little
more
I,
don't
know
secure,
or
at
least
a
little
more
trustworthy
for
wonderful,
better
one
and
Justin
capital
sin.
Tough
I
can
interchange
just
in
terms
of
thinking
about
an
approach.
B
B
So
look
if
we
can
make
tough
usable
and
make
it
you
know,
approachable
for
the
average
human.
Then
awesome.
It's
the
the
challenge
has
been
it's
the
super
secure
thing
that
I
don't
know
anybody
knows
how
to
wrestle
this
thing
and
everybody
comes
away
that
I've
seen
going
wow.
This
looks
really
secure,
but
I
don't
know
how
to
use
it
so
I'm
happy
to
help
make
it
a
more
usable
thing.
B
H
What
I'm
trying
to
get
to
is
toughest
one
implementation,
like
a
provider
model
for
doing
signature
as
well
as
validation.
If
we
have
an
extensibility
similar
to
these
are
the
entry
points
that
we
can
discuss
and
what
the
signature
provider
as
well
as
signature,
validator
needs.
Then
the
discussion
of
tough
should
probably
be
do
these
options
or
do
these
API
is
suffice
for
us.
If
something
comes
along
later,
it
shouldn't
be
a
closed
model
where
there
is
no
option
for
extensibility.
H
So
the
two
aspects
here
right,
one
is
the
usability
of
notary
itself
as
a
client
or
maybe
as
a
library
and
a
set
of
extensibility
points.
Second,
is
okay:
how
does
stuff
actually
integrate
with
notary
v2,
rather
than
clubbing,
both
of
them
together?
If
you
can
kind
of
think
along
those
lines,
then
the
conversation
for
tough
can
be
in
its
own
silo
and
the
conversation
for
an
Audrey
experience
and
a
client
experience
can
be.
Another
thing:
is
that
make
sense.
D
B
Know
if
he's
been
looking
because
I
had
a
couple
of
conversations
from
offline
is
he's
not
necessarily
looking
for
it's
being
compatible.
I
think
he's
one
just
concerned
about
the
security
and
we
don't
implement
something
it
isn't
as
secure.
I
think
you
know
that's.
Certainly
apart.
I
also
think
that
he
feels
like
he's,
got
a
better
solution
and
it
should
just
be
tough,
so
I
see
I
in
the
conversation
of
had
was
the
requirements
that
are
written.
B
He's
been
using
this
analogy
that
I've
written
it
around
ambulances
with
wheels
and
that
excludes
the
ability
of
helicopters
come
and
transport
patients
back
and
forth,
and
like
the
example
that
I've
kind
of
been
back
I
was
like
look
I,
don't
know
about
ambulances,
here's
the
requirement!
Sorry,
a
helicopters,
I
know
about
ambulances.
I
know
about
wheels.
If
you
can
give
me
give
us
a
better
solution,
I
was
kind
of
playing
this
contractor
roles
like
if
you
could
come
in
and
say,
look
at
the
contracts
written
this
way.
I
can
give
you
this
solution.
B
Don't
worry
about
the
wheels
make
sure
the
rotors
are
good
or
something
I'm
like
yeah,
that's
great,
but
right
now
your
helicopter
doesn't
fit
this
model
yet
right
it
doesn't
fit
in
down
into
the
city
streets
or
whatever
the
analogy
you
want
to
take
it
from
so
I
think
the
the
place
that
we
can
do.
This
is
what
I'm
hearing
Sasha
say,
which
is
I.
Think
what
Justin
chromic
here
was
saying.
The
signature
that
we
want
to
store
could
be
a
tough
signature.
Is
that.
B
Here's
the
s
bomb,
the
lowercase
o,
meaning
it's
generic,
and
if
that
was
a
tough
f-bomb
thingy
whatever
that
means,
then
it's
totally
fine.
And
if,
if
RedHat
wants
to
come
with
their
signature
thing,
then
that
also
could
be
fine
and
the
registry
doesn't
care
just
like
we
don't
care,
whether
their
helm,
charts
or
OCI
images.
We
just
store
stuff.
The
fact
that
they're
signed
things
is
all
we're
really
trying
to
get
to
a
solution
of.
F
Yeah
I
mean
it's
slightly,
I
think
it's
finally
more
complicated
than
that,
but
I
think
we'll
see
that
what
that
involves
by
prototyping.
What
tough
looks
like
I'm,
not
just
plain
signatures,
look
like
and
potentially
what
some
other,
what
what
else?
Some
other
options
might
be
potentially
as
well,
because
there
are
some.
F
Yeah
I
mean
I
have
to
understand
that
it's
got
to
go
through
the
tough
process
and
it's
caused
it
so
yeah.
If
the
client
is
that
there's
a
fair
amount
of
complexity,
that's
yeah
in
the
client,
it's
not
just
checking
a
signature,
but.
B
Is
it
just
a
thing
wrapped
up
in
the
client?
It's
like
my
car
is
really
complex
inside,
but
I
don't
worry
about
it.
If
I
have
a
problem,
I
replaced
this
module.
All
the
complexity
is
dealt
with,
I
just
get
it
and
turn
the
wheel
and
drive.
Is
the
complexity
in
the
code?
That's
written
or
is
it
a
burden,
that's
put
on
the
person
trying
to
run
it
or
the
interactions
it
has
to
make.
F
B
Something
inherently
about
it.
You
know
if
I
said
every
time
I
presented
my
passport,
that
I
had
to
also
have
my
blood
retested
and
my
parents,
verification
done
at
the
same
time
yeah
that
becomes
unusable.
If
it's
a
matter
of
hey
it,
just
there's
a
retinal
scan
thing
implement
and
bang
it
works.
Then,
okay,
that's
a
reasonable
balance.
Tube
approach,
I.
F
F
I
mean
I
know
what
the
things
are,
that
people
find
confusing
with
no
TV
one,
quite
well
with
other
hats.
Some
of
them
were
related,
I
mean
some
of
them
are
related
to
tough
and
some
of
them,
and
not
related
to
tough
I
mean
like,
for
example,
it's
quite
hard
to
inspect
the
state
of
the
world
with
no
TV
one,
which
is
partly
because
the
stuff
stored
in
the
database,
but
you
can't
see
what's
happening.
So
it's
it's
very
hard
to
understand.
F
Another
issues
just
there's
a
lot
of
keys
and
people,
don't
necessarily
know
where
their
keys-
and
you
know,
chemos
I,
managed
key.
Ok,
keep
a
model
of
where
the
keys
are
managed
for
you
by
a
cloud
provider,
for
example,
would
be
way
easier
for
people
to
work
with
then
a
model
where
they
have
to
manage
the
keys
themselves.
So.
D
The
portability
issue
that
Steve
mentioned
Steve
you
sitting
like
portability,
Notary
v1.
We
need
a
portability
in
v2.
Is
that
a
tough
issue
or
a
non
tough
issue?
I
guess,
if
you're
dependent
on
top
for
your
compliant
with
it,
then
every
registry
you're
moving
to
and
from
would
have
to
support
that
framework.
Well,.
F
I
mean
I
support
the
minimum
we
need,
but
which
isn't
but
I,
don't
think
it's
very
much
I,
see
kind
of
thing,
I
mean
the
the
that's
not
really
an
issue.
I
think
the
main
the
main
ports
birthday
issue
with
no
see
v1
was
simply
that
it
was
in
a
separate
side
database
that
you
couldn't
call
them
push
stuff
from
at
all.
Well,.
F
B
Can
we
do
this
in
a
layered
approach?
That
I
mean?
Let
me
let
me
make
it
state
what
I
must
have
an
assumption
around
at
the
end.
Notary
says
here
is
a
signature
and,
as
the
signature
has
to
be
moved,
there
is
a
signature
that
it's
a
son
with
an
artifact
of
the
thing
is
that
it
is
Rivera
FIYA
below
that
at
a
point,
is
that
kind
of
the
model.
B
B
B
The
point
is,
is
that
we
have
people
like
Brian
and
Ian
and
some
others
that
want
to
plug
in
a
key
management
thing.
If
we
can-
and
we
know
we
can
sign
things
without
it
being
tied
to
a
namespace
or
a
registry
just
using
the
the
digester.
Whatever
we
decide
is
the
right
thing.
Could
we
do
this
env2
client
thing
to
start,
and
the
first
thing
it
does
is:
has
a
key
management
part
that
knows
how
to
fetch
and
retrieve
keys
and
whatever
how
Brian
says
we
should
be
doing
it
and
nor
Nawroz
nias.
D
B
Sorry,
I'm
sticking
in
our
direction
and
Nina's,
and
we
work
on
the
api's
to
make
sure
that
those
signatures
can
be
moved
between
registries
as
we're
laying
that
down.
There's
this
other
part
that
says,
how
do
you
we
there's
a
in
the
NB
to
client
as
well?
There's
this
tough
extension
I
guess
for
lack
of
a
better
word
that
knows
how
to
deeper,
validate
that
signature.
That
could
we
work
on
this
in
two
layers
as
well.
F
Yeah,
that's
what
I'm
suggesting
basically,
so
we
do
the
basic.
What
does
a
signed
document
and
a
registry
look
like
and
then
what
then
we?
How
do
we
push
them?
Pull
them
like
any
other
kind
of
document.
I
was
the
actual
concrete
format
for
sign
language.
We've
currently
got
I
think
three
suggestions.
We
need
to
pick
one
and
decide
which
one
we
prefer
and
decide
if
that
meets
any
actual
registry
changes.
If
say,
prototype
is
in
the
registry.
F
F
D
F
F
There's
some
bittern
combinations
of
versions
are
less
relevant
for
container
images
but
might
be
or
other
some
other
things,
and
it
allows
you
to
allows
you
to
delegate
part
of
your
namespace
to
other
people.
So
you
can
give
one
team
the
ability
to
push
and
to
sign
one
register,
one
part
of
the
registry
namespace
and
another
team,
another
part
and
allows
you
to
rotate
keys.
B
So
other
than
rotate
keys,
all
the
other
stuff
I
didn't
quite
understand
because
I
mean
to
some
extent
there's
a
trust
made
whether
if
I
trust,
you
know
AWS
so
stereo,
more
here's
it's
putting
out
one
of
the
base,
images
that
are
using
AWS,
then
I
assume
I
can
get
that
aw
assigns
those
an
AWS
is
trustworthy
and
so
they're.
Not
if
they
give
me
an
update.
A
security
update
should
I
be
able
to
accept
that
and
I
think.
B
The
question
is
whether
they,
if
they
stuck
it
into
the
same
tag,
then
I
know
that
okay,
they're,
updating
their
1.1
image
and
I
should
have
just
accept
that
now
they
should
probably
also
have
a
1.1.1
or
whatever
the
build
number
is
but
I.
Think
if
I
can
trust
them
to
go
forward,
then
if
they
go
backward
for
good
or
bad
reason,
then
either
that's
expected
or
Omar
got
hacked
and
Google
just
got
there
anyway.
B
A
Mean
I
think
the
concern
is
not
in
sorry,
I've
been
quiet
and
trying
to
take
it
in
I'm
sort
of
you
know
coming
in
late
to
this
and
just
trying
to
understand
the
state
of
everything.
But
the
concern
is
not
that
in
your
example
that
AWS
decides
to
present
an
old
version
that
has
been
updated.
The
concern
is
that
an
attacker
does
that
and
at
the
point
there's
an
old
version.
That's
boehner
abut
was
signed
at
the
time.
A
B
So
I
get
that
the
question
is
that
how
this
is
so
relevant
to
today?
What
is
the
risk
reward
with
letting
people
go
back
to
work
right?
I
mean
it's
there's
an
there's.
Never
a
sum
0
so
do
I,
do
deep
analysis
every
time
and
if
I
can
great,
don't
get
me
wrong,
but
at
what
expense,
and
because
the
assumption
is
at
some
point-
oh
you
know,
AWS
won't
make
a
to
be
one
more
signature.
Ws6
thinking
sure
you
know
is
found
to
be
bad
now
it
already
got
through
somewhere.
F
F
B
F
B
F
E
F
You
know
the
right
point,
which
is
what
the
specification
exercise
was
kind
of
supposed
to
be
around,
but
hasn't
really
entirely
to
live
it
on,
because
it's
kind
of
a
hard
problem,
but
I
think
that
if
but
I
think,
if
we
do
this
bottom-up
prototyping
we're
better
idea
what
we
can
bill.
I
also
I,
don't
think
there's
some.
F
Mean
there's
basically,
it
I
think
it
does,
but
there's
a
set
of
fun
there's
a
set
of
minimum
set
of
requirements.
You
can.
We
actually
need
I
mean
I,
think
that
I
mean
I,
think
Justin's
view
more
or
less.
Is
that
if
you
end
up,
if
you
take
any
set
of
requirements,
you'll
end
up
with
something
looking
like
tough,
and
so
you
might.
F
Whether
that's
strictly
true
or
not,
is
somewhat
it
less
clear,
because
some
of
the
constraints
don't
even
seem
less
clear
for
the
kind
of
confused
cases
we
have.
Containers
like
cross
dependencies
are
not
really
an
issue,
so
I
think
there's
some
sense
in
which
that
might
not
be
entirely
true,
but
I
think
that
I'm
doing
favor
just
just
going
to
build
this
stuff
so
that
we
can
see
what
we
can
do.
D
I
I
will
have
a
hard
stop
in
five
minutes,
because
there
was
a
10
o'clock.
I
have
to
hit
today,
I'm
gonna,
sync
up
with
Aaron
and
years
and
Sam
at
some
point
inside
AWS
and
I
think
in
general
building
something
quickly
to
prototype
it
to
see
what
we
can
get
to.
What
we
have
based
on
what
we've
already
written
down
seems
very
logical
right
just
so
we
can
make
some
progress,
I
think
and
maybe
it'll
help
refine
what
we're
thinking
the
aspects
that
would
be.
D
Are
we
stopped
to
do
that
rate
wall
can
contribute
and
throw
up
some
source
code
and
start
slamming
away
at
it.
That
would
be
the
one
thing
and
then
the
second
thing
was
along
the
way,
just
make
sure
that
we're
not
going
too
far
away
from
whatever
tough
could
plop
on
top
of
it
as
a
it
almost
seems
like
tuff
is
more
secure,
or
at
least
it's
gonna
position
itself,
as
it
can
give
you
additional
trust
things.
If
you
applied
that
logic.
F
H
Think
for
the
lack
of
a
better
word,
I
think
tuff
is
an
ultra
provider
for
the
base
implementation
of
whatever
and
a
windows
chooses
to
do
something
like
look
at
the
content
blob
to
actually
determine
the
signature.
That
can
be
another
way
to
do
it,
but
I
think
having
a
simple
prototype
that
can
push
a
signature
like
validate
the
signature.
That
basic
scenario
is
kind
of
like
something
that
we
need
to
identify.
What
the
interfaces
look
like.
B
How
do
we
do
this
in
a
way
that
we
don't
have
this
thrashing
contention
of
commits
so
that
we
actually
achieve
this
layered
approach
because
I
think
I,
don't
I,
don't
have
disagreement
with
something
be
more
secure?
The
question
is
that
balance
of
usability
and
I
I
want
to
be
careful
that
we
don't
complicate
the
basics
of
a
getting
this
signature
problem
moving
I'm
moving
around,
which
I
don't
think
anybody
there's
contention
around
the
contention
is
whether
signature
is
enough
and
I
well.
A
F
Basically
around
I
mean
here's
the
usual
problem.
I've
had
you
sign
Jason?
Should
the
signatures
be
in
line
or
external
yeah,
those
standard
kind
of
questions,
I've
got
opinions
and
then
there's
how?
What
does
the
registry
API
actually
like
retrieve
them,
which
depends
so
if
they're,
not
part
of
the
object,
I
mean
if
they're
part
of
the
object,
its
straightforward,
you
just
get
the
object,
so
that's
actually
really
simple,
but
then
you
have.
The
dueling
registries
really
expect
everything
to
be
Jason,
so
that
requires
valid
Jason
and
Jason.
F
The
signatures
of
a
JSON
object,
which
is
kind
of
just
what
tough
does
using
canonical
Jason,
which
I
really
thought,
was
a
terrible
idea
and
then
the
other
alternative
ways.
We
extend
the
registries
and
have
external
signatures
as
a
primitive
in
the
registry,
which
I
was
my
preferred
option,
which
I
think
Derek
was
quite
happy
with,
but
we
need
to
just
get
those
people
together
and
make
a
decision
on.
A
That
yeah,
let
me
let
me
read
over
it
I
think
I've
definitely
got
some
catching
up
to
do.
I
think
sort
of
came
at
this
from
a
particular
angle,
with
the
existing
notary
and
tough
model
and
how
we
can
make
that
fit
for
some
of
our
requirements
within
Microsoft
and
then
trying
to
expand
that
on
into
the
notary.
B
I
understand
the
problem
about
signatures.
Moving
across
registries,
we're
not
even
actually
signing.
E
A
F
A
I
mean
I'd,
you
know
the
two-sentence
thing
at
a
very
high
level.
What
we
care
about
at
least
my
team's
angle,
coming
in
at
this
is
we
don't
give
developers
private
keys
and
the
private
keys
don't
sit
on
anybody's
dev
box.
We
have
a
service
that
does
our
signing
and
we
need
to
be
able
to
integrate
with
with
that,
and
we
also
have
requirements
about
keys
that
you
know.
A
F
B
F
A
Right
and
it's
that's
somewhere
where
my
team's,
you
know,
specific
requirements
might
diverge
a
little
bit
from
x4
from
the
larger
groups,
because
absolutely
the
key
management
for
us.
You
know
we,
we
don't
care
that
key
management
is
hard
because
we
have.
You
know
internally
to
Microsoft
very
specific
rules
about
that.
As
long
as
it's
well
defined,
and
we
know
what
we
can
do
in
there
aren't
these,
you
know
required
online
operations
that
you
know
you
can't
do
it
without
being
connected
to
the
internet.
F
But
I
mean
that
I
think
one
of
the
ways
in
which
we
can
make
an
overall
more
usable
model
is
to
provide
a
more
useful
set
of
management
services
alongside
it
yeah,
whereas
no
TV
one
just
told
you
to
look
after
the
keys
yourself
and
didn't
have
anything
well
I
mean
it
does
not
quite
true
it
does
have
some.
You
know
the
timestamp
keys
were
managed
for
you,
for
example,
but
overall
you
had
to
do
a
lot
of
key
management.
F
There
wasn't
anything
to
help
you
do
it
and
obviously
there
may
be
some
people
they
want
to
build
their
own
specific
key
management.
I
mean
like
you,
for
example,
but
if
we
can
provide
a
managed
service
that
you
can
run
to
do
the
key
management
or
or
a
set
of
interfaces
that
you
need
to
provide
for
key
main
and
that
make
it
easy
for
people
that.
B
Was
my
assumption
is
that's
just
we
need
some
interfaces
that
like
we
can
never
provide
the
level
of
detail
of
what
they're
gonna
have
to
do,
but
as
long
as
we
can
provide
an
interface
that
they
can
do
what
they
need
to
do
and
I'm
sure
a
able
us
and
Google
has
the
same
thing
with
their
binary.
Authorization
to
some
extent
is
as
long
as
we
can
agree
and
what
the
thing
that
gets
persisted
then
they
can
do
it
the
way
they
need
to
and
it
just
we
just
hey,
hey.
B
Know
how
you
got
that
there,
but
we
trust
it
and
we
accept
it
and
the
clients
know
how
to
validate
it
as
well,
because
I
don't
know
if,
like
my
understanding,
is
what
Brian's
trying
to
do
is
not
because
anything
to
do
with
tough
or
anything
else.
That's
just
saying
whatever
the
key
that
you
use
to
to
attach
to
this
thing:
they
need
to
own
the
yeah.
F
F
E
B
We
should
have
some
defaults
because
I
think
there's,
probably
like
four
companies
around
the
world.
That'll
probably
need
to
do
this
deep.
You
know
key
management
thing,
the
owners
of
distros
or
large,
extremely
large,
complex
software
companies
and
security
companies,
and
then
99.9%
of
the
others
are
consuming
the
software
from
those
companies
but
also
have
to
add
their
own
keys.
A
F
Think
that's
the
point
of
doing
this
as
separate
things.
Is
that,
like
the
like,
the
tough
of
it
can
be
in
a
separate,
that's
basically
in
a
separate,
the
tough
Cayenne
can
be
in
a
separate
repo.
Okay
I
mean
we
should
we
should
ever
effectively
what
we
need
is
a
registry
fork
once
we've
actually
decided
to
house
initial
stolen
registries
that
implements
that
assuming
the
registry
needs
to
implement
something
which
I
think
you're,
probably
well.
Okay,.
B
F
Then
we
should
be
able
to
make
a
really
dumb
client
that
just
check
signature
just
pushes
and
pulls
signatures
according
to
the
the
registry
API
that
we've
just
defined
so
so
that
we
can
actually
check
you
know
so,
can
put
signs
you
give
it
a
key.
You
can
sign
something
push
it
and
put
it
back
and
check
this
English.
So
we
just
basically
just
can
we
round-trip
a
signature
which
is
basically
the
CI
for
the
registry
for
effectively.
F
B
F
So
we
that
we
make
we
add,
assuming
we
need
to
add
anything
at
all,
but
we
probably
do
well.
Yet
we
had
whatever
the
signature
thing
we're
adding
is
in
the
a
signature
api's,
which
is
the
thing
that
we
just
need
to
finalize
and
then
as
effectively
as
a
test
for
that
we
rise
a
dumb
clown
that
can
signs
sign,
push,
pull
check
back
signature.
B
H
B
F
H
It's
very
similar
to
how
they
they
layer
container.
Do
things
like
that
there
is
a
there
is
a
gendering
set
of
interfaces
that
would
define
I
need
to
get
a
signature.
I
need
to
validate
the
signature.
The
tough
client
will
implement
these
interfaces
or
some
kind
of
layering
on
top
of
that,
and
they
agree.
H
F
H
F
F
F
B
B
F
E
B
Here:
here's
my
thought
that
I'm
just
thinking
out
loud
so
I,
the
the
individual
person
here,
doesn't
make,
isn't
the
thing
to
focus
on,
but
the
trying
to
get
a
vision
of
what
we're
trying
to
do
so
I'll
be
the
proxy
of
trying
to
understand
what
we're
doing.
I
feel
like
we're.
A
little
bit
of
this
I've
got
this
house
outlined
and
I've
got
these
contractors
that
I
really
like
and
trust,
but
they're,
saying
trust
me
I
want
to
go,
build
this
thing
and
I,
don't
know
what
the
end
result
is
what
I'm
hoping
for?
B
How
do
we
outline
like
we've
said
we
wanted
to
do
the
scenarios
which
I
get
the
details.
There
are
too
much
detail
of
scenarios
and
we're
try
to
find
some
time
this
week
to
generalize
them.
We
were
going
to
do
a
UX,
which
is
what
we
hoped
we
would
achieve,
which
is
kind
of
like
the
final
thing
that
cuts
yeah.
F
B
How
do
we
know
that
this
thing
with
a
bunch
of
the
contractors
that
are
working
or
working
in
the
same
direction?
That's
the
part
that
I'm
a
little
nervous
about
and
they're,
not
just
gonna
run
a
pipe
like
I
literally
had
a
house
where
I
had
electrical
wire
drilled
through
a
down
down
drain
pipe.
It
was
until
the
drain
got
clogged
that
the
water
went
up
the
pipe
that
then
leaked
all
over
the
place
that
we
found
out
what
happened.
B
So
how
do
we
have
the
sketch
not
even
a
blueprint,
just
a
sketch
of
and
I'm
fine,
if
it's
like,
we
sketched
something
out
on
one
of
these
calls
like
we're
doing
here
and
then
we
go
off
for
a
week
and
then
everybody
comes
back
and
says:
alright,
here's
what
we
learned!
Here's
the
next
sketch
like,
oh
okay!
But
if
you
put
that
up
slightly
over
in
this
direction,
then
this
other
problem
gets
solved
too,
and
it
doesn't
have
to
be
calls.
It
could
be.
You
know,
slack
conversations
could
be
anything.
B
F
I
want
to
sign
this
thing,
then
it'll
be
usable
like
if,
if
I
literally
your
left,
like,
obviously
somehow
you
have
to
authenticate
me
against
the
key
management
service,
because
that
would
be
helpful
because
it's
not
gave
me
a
piece
of
public,
but
if
I'm,
assuming
that
you
have
a
way
of
doing
that,
I
almost
failed
to
see
how
any
solution
wouldn't
be
usable,
regardless
of
what
it
actually
has
to
do
under
the
hoods
as
long
as
well,
there's
no
point
rebut
like
you
know,
but
if
I
can
basically
indicator,
I've
got
a
new
thing.
F
F
F
F
You
know
it's
I
can
see
well,
I
can
see
what's
been
signed
in
my
registry,
for
example,
and
by
hey
we
actually
had
a
lot
of
problems
with
no
TV
one
with
t
with
DTR
about
knowing
who
had
made
the
signatures,
because
they
didn't
really
have
a
good
time
between
the
person.
Who'd
signed
it
and
the
key,
and
so
it
just
gave
you
a
key
which
you
didn't
know
it
was
like
who
actually
signed
that
what
happens?
You
know
it's
a
observability.
F
B
B
D
B
F
F
F
B
E
F
B
B
F
F
F
B
F
F
F
B
F
F
F
B
B
B
B
B
B
B
So
for
those
others,
the
two
agenda
items
I've
got
so
far
was
a
scenario
update
and
a
prototype.
We'll
talk
about
further
than
me
to
client
anybody
else
have
anything
else
and
and
Derrick
Cormac
was
proxying.
You
for
the
previous
and
you'll,
see
the
notes
below,
but
we'll
talk
about
that
anybody
else.
I
mean
agenda
items.
B
Okay,
we
could,
we
might
want
to
making
this
a
shorter
call
as
a
result,
but
we'll
see
what
the
conversation
goes
and
just
looking
who's
here
and
Omar
was
there
for
representing
WS
Neos
as
well.
So
we'll
we'll
talk
about
that.
Okay,
so
quick
on
scenario,
update
in
fact
that
we
just
move
into
the
meeting
notes
Steve,
so
I
can
type
and
talk
at
the
same
time.
B
So
I
did
talk
to
Justin
Kappas
on
Friday,
and
we
were
talking
a
little
bit
through
great
Justin's
here
I
around
some
of
the
scenarios
and
it's
good
conversation
we
were
basically
kind
of
talking
about.
Is
the
scenarios
a
little
too
detailed
than
is
it
restricting
some
other
options
for
those
who
are
on
the
call?
Last
week
we
were
kind
of
talking
about
this
idea
of
it's
it's
written
around
ambulances
and
wheels
to
try
to
get
medical
people
to
medical
sites
and
there's
this
new
helicopter
approach.
B
That
said,
from
the
sake
of
making
some
more
progress,
one
of
the
things
we
also
talked
about
is
there's
nothing
that
precludes
a
better
solution
from
coming
in
and,
if
it
says
hey,
you
know,
I
wheels
us
in
a
thing,
but
we
need
to
make
sure
rotor
blades
are
valid
or
that
the
more
reliable
transportation
is
the
important
thing.
There's
nothing
hard
and
fast
around
the
way.
It's
written
certainly
a
scenario:
it's
not
an
API.
Where
has
to
meet
an
exact
contract.
B
It's
here's
like
the
minimal,
viable
thing
that
said,
I
will
go
back
and
try
to
tweak
them,
but
I
just
wanted
to
make
sure
that
we're
not
trying
to
exclude
a
better
solution
per
se.
It's
just
working
with
the
knowledge
we
have,
so
we
need
to
do
better
at
our
note-taking
and
talking
at
the
same
time.
So
that's
that
was
the
Serio
update
other
than
that
I
didn't
hear
of
I
haven't
gotten
any
of
the
feedback
that
we're
missing
something
per
se,
it's
more
of
the
style
of
writing
and
I,
totally
get
it.
B
I'll
go
back
and
tweak
it
and
we'll
see
we
can
do
there.
The
next
thing
that
we've
been
talking
about-
and
this
has
come
up
in
a
couple
of
different
calls
and
some
separate
conversations-
is
making
some
prototype
experiments.
There's
been
a
couple
of
efforts.
I
know
that
AWS
has
been
trying
to
get
some
stuff
done
for
this
summer.
You
know
preak,
ovid,
microsoft.
We've
also
been
getting
some
stuff
done.
There's
you
know
in
meeting
other
teams
inside
Microsoft,
it's
a
big
company,
and
there
were
some
teams
that
were
already
building
around
the
docker
content.
B
B
In
addition
to
this
balance
between
the
constant
push
and
pull
of
usability
and
security,
which
is
what
I
would
call
of
this
conversation,
we're
having
over
signing
versus
content
verification,
which
is
what
tough
provides
so
the
what
we
wanted
to
do,
there
was
get
a
prototype
going
where
we
can
and
learn
and
give
a
sketch
for
people
like
that.
You
know
possibly
Neos
and
and
I'm,
not
exactly
sure
what
you
do
need
us,
but
it
sounds
like
you're
doing.
B
The
key
management
is
the
part
of
it
thing
so
that
whatever
piece,
whether
it's
Neos
and
key
management,
or
somebody
else
and
key,
imagine
a
POS
or
and
Brian
and
Ian
and
Microsoft's
PRS
s.
So
they
can
work
on
a
key
management
area
and
plug
into
this
while
we're
also
figuring
out
what
is
the
persistence
of
a
signature
in
a
registry
and
some
of
the
other
parts.
So
if
you
look
at
the
notes
lower,
we
we
put
some
notes
in
here
on
a
call.
B
We
just
finished
up
earlier
this
morning
where
we
wanted
to
kind
of
go
through
this
in
multiple
phases,
and
so
basically,
what
is
a
signed
document
of
registry?
Look
like
this
is
some
stuff
that
Sam
had
been
working
on
with
some
others
and
he's
got
a
PR.
That's
it's
a
PR
for
the
sake
of
notes
not
appear
in
the
sense
that
something
would
merge
per
se.
But
it's
a.
B
What
we
agreed
is
the
point
of
conversation
for
how
we
would
persist
a
signature
in
the
registry,
we'll
product
type,
this
on
docker
distribution,
as
well
as
write
a
client
that
can
push
and
pull
signatures.
So
I'm
just
reading
through
the
notes,
I've
got
here
and
then
we'll
write,
a
client
that
can
validate
signatures,
and
the
idea
is
that
we
can
build
a
more
complex
calling
it
like
tough,
they
can
validate.
Not
just
the
signature
is
valid,
but
the
content,
that's
behind
that
signature
is
also
valid,
its
rewritten
it's
written
in
two
sections
here.
B
So
the
second
section
is
like
basically:
first
we
would
have
a
fork
of
docker
distribution
and
when
I
say
fork,
I
want
to
be
careful
because
Chris
and
Chris's
last
name.
This
is
not
a
fork
in
something
we
would
release.
It
is
a
fork
so
that
we
have
a
collaborative
place
to
propose
some
changes.
That's
a
derrick
and
others
have
been
talking
about
doing
that
we
can
as
maintainer
x'
or
whatever
we
want
to
call
it
of
this
experiment
can
do
that.
B
We're
not
doing
some
of
these
personal
accounts
or
trying
to
do
something
funky
off
a
docker
distribution
for
so
we'll
have
that
in
the
notary
project
and
the
assumption
there
is
that
if
it's
something
that
we
like
we'll
make
a
change
to
the
OCI
distribution
spec
and
we
would
make
the
corresponding
PR
back
to
dr.
distribution.
So
four
can
be
a
bad
and
good
term.
There's
also
an
NB
to
come
MV
to
client
repo.
B
That's
there
so
we'd
be
able
to
push
in
pull
we'll
figure
out
the
right
interfaces
for
this
key
management
thing
we
were
talking
about,
and
then
the
tough
client
can
also
figure
out
how
to-
and
this
is
I'm
gonna
repeat-
without
really
understand
the
details,
but
basically
a
tough
repository
can
match
to
a
registry
version
and
then
convert
back
and
so
forth.
So
that's
the
summary
of
what
we
just
kind
of
did
on
the
experiment.
B
The
you
also
say
when
I
very
focus
on
the
word
experiment.
I
could
have
you
even
put
the
experiment-
I
guess
in
the
me
pun
name,
but
the
idea
here
is
that
we're
doing
this
to
learn.
This
is
not
something
we
plan
to
ship.
This
is
something
that
we
want
to
learn
and
then
we'll
come
back
and
continue
to
figure
out.
What
is
it
that
we
need
to
do
to
build
in
the
larger
scheme
of
things,
questions.
J
I
have
one
question:
this
is
Aaron.
There
are
good
morning
Steve.
You
mentioned
one
thing
that
sometimes
conflicts
with
my
view
of
the
signature,
like
the
value
of
the
signature
and,
frankly,
I
I,
just
I'll
raise
my
point.
Maybe
you
tell
me
when
is
the
right
group
or
time
to
have
the
conversation,
but
you
were
just
rolling
off.
You
know
some
of
the
roles
and
responsibilities
and
it
sounded
after
a
signature
is
validated
that
tough
to
would
like
to
validate
that
the
contents
are.
J
B
A
perfect
time
and
I
see
Justin
here.
So
let
me
tease
up
what
my
understanding
of
it
is
and
then
just
to
try
to
put
some
framing
context,
because
I
definitely
can't
speak
to
the
details
of
it.
But-
and
this
has
been
the
the
conversation
we've
been
trying
to
figure
out
the
the
analogy
that
was
made.
Is
they
were
using
this
passport
analogy
when
I
show
up
precoded
when
we
can
actually
travel.
So,
let's
just
wipe
that
part
out
in
the
world
here,
because
Copa
does
nothing
to
do
with
my.
B
Or
not,
I
would
go
to
the
airport.
I'd
showed
my
passport.
They
would
scan
my
passport
and
find
out
whether
it's
still
valid
or
not
right.
The
question
that
really
comes
up
is
well.
How
does
it
know
that
I
am
the
person
that
was
behind
that
passport?
The
person
looks
at
me,
but
how
secure
is
that?
So
the
idea
is
there
is
the
in
the
better.
B
The
concrete
example
was
a
piece
of
software
that
was
valid
a
month
ago
that
turns
out
to
have
some
vulnerability
in
it
and
the
vulnerability
is
fixed
and
that
same
entity
that
signed
it
in
the
previous
conversation
we're
using
AWS,
as
example,
because
trying
to
use
somebody
else.
Besides
me,
microsoft,
ships,
a
new
version
of
it,
the
is
how
do
we
make
sure
that
the
thing
doesn't
get
downgraded?
It's
still
signed
by
the
same
trusted
entity
right
in
this
in
temples
AWS,
any
wes
is
still
valid.
B
Their
key
is
still
valid
that
the
content
is
still
valid.
The
problem
is,
is
that
10
should
not
be
representing
something
newer
than
what
it
currently
is.
So
there's
a
little
bit
of
a
interesting
content,
validation
scenario.
There
it's
not
that
evil
company
we
have
pick
on
Radu,
evil,
Radu
came
in
and
stuffed
his
content
into
and
somehow
God
would
underneath
the
AWS
signature.
It's
the
content
was
still
AWS.
It
was
valid
at
the
time.
K
K
J
That
helps
clarify
things
right
is:
is
that
if
we're
talking
about
developing
a
specification
right,
it's
it's
flexible
to
meet
the
tough
constituents.
It's
also
flexible
enough
to
me
kind
of
an
autonomous
signature
generation
and
validation
scheme,
and-
and
you
know
again
outside
guy
looking
in,
but
that's
how
I've
kind
of
viewed
this
but
I
think
that's
rational
to
say,
tough.
You
know
customer
pick
you're
in
your
your
configuration
and
that
these
two
things,
while
they
could
complement
one
another,
you
let
they
pick
one
or
the
other
I,
don't
know.
K
We'd
have
to
see
about
that.
That
might
be
dangerous.
I
prefer
not
to
give
people
ways
to
shoot
themselves
in
the
foot
that
are
really
obvious
ways.
We
don't
want
to
give
anybody
anything.
That's
like
that
doesn't
mean
common
usability
or
like
has
burden
it's
like
really
difficult
or
burdensome
for
them
to
use.
So,
ideally,
what
we
end
up
with,
and
hopefully
we
can
get.
There
is
something
that's
both
easy
enough
to
use.
We
think
everyone
should
do
it
and
secure
enough
that
we
think
it's
sort
of
the
right
option.
K
Hopefully
we
don't
end
up
in
a
situation
where
there's
you
either
have
to
pick
the
usable
option
or
the
secure
option,
which
is
I
think
would
I
think
be
a
bit
of
a
tragedy,
but
you
know,
maybe,
as
we
look
through
this-
maybe
that's
a
situation
we
end
up
in,
but
I
hope
we
can
find
one
that
has
a
sweet
spot
for
book.
I
kind.
J
Of
agree,
their
tragedy,
you
know
that
tragedy
sounds
terrible,
right,
usable
or
secure.
It
just
doesn't
pass.
It
doesn't
pass
the
sniff
test,
but
perhaps
when
you
say
things
like
so
again,
outside
guy
looking
in
if
I'm
looking
at
just
developing
a
code,
signing
solution,
broadly
I
might
take
on
some
of
the
responsibilities
of
key
management
rotation.
Revocation
some
of
these
things
that
are
somewhat
intrinsic
or
similar
to
the
to
the
need
for
the
code
signing
platform,
and
so
something
that's
why?
J
When
this,
these
kinds
of
conversations
come
up,
my
my
my
mind's
view
of
this
becomes
a
bit
more
foggy
right.
So
that's
what
I'm
just
looking
to
add
value
but
make
sure
that
we
don't
get
in
the
way
of
perhaps
right.
The
fact
that
tough
is
tough.
It
is
in
place
right,
and
so
maybe
we
just
need
to
I
need
to
think
about
signing
in
a
four
containers
in
a
smaller
scope
that
doesn't
include
key
management
or
well.
J
B
B
Out
on
it
may
said,
teenagers,
they
know
II.
Think
one
of
the
kids
do
they
put
hang
the
key
underneath
the
rock
or
on
the
plant
right
outside
the
door,
and
other
friends
can
use
it,
something
that
was
you
know.
Fingerprint
reader
was
really
good
for
a
while,
but
it
didn't
really
work
and
that
was
super
secure,
but
the
kids
just
didn't
lock
the
door
because
nobody
could
get
their
fingers
to
be
read.
B
We
need
to
find
that
right
balance
because
of
something
that's
super
secure,
but
not
usable
that
nobody's
gonna,
use
it
or
they're
just
gonna
leave
them
unlocked
the
key
management
aspect
of
it.
Is
that
I'm
hoping
that
the
goal
there
is
that
and
I'll
come
back
to
the
usability
part,
but
it
they.
The
key
management
part,
is
there's
some
certain
95
or
98
percent
of
people.
I
just
want
something
out
of
the
box.
That's
good
enough,
and
that's
that's
fine.
B
There's
four
to
six
companies
worldwide
that
have
really
strict
requirements
around
key
management,
Microsoft
being
one
I'm
assuming
AWS
or
any
software
company
does.
The
idea
is
that
it
should
just
plug
in
and
that's
the
challenge
that
we
want
to
make
sure
it
does,
because
if
it
doesn't
meet
there
that
we
call
their
requirements,
then
they
can't
use
it
and
it's
irrelevant,
and
it's
the
four
to
six
companies
or
there's
caught
software
companies
that
we
all
use
on
a
regular
basis.
So
we
of
course
need
to
account
for
them.
We
just
need
a
solution.
B
On
top
of
that,
so
I'm
hoping
it's
a
layered
approach
that
most
people
don't
even
notice.
The
the
bowing
usability
and
security
is
that's
the
part
that
we
want
to
iterate
on
this
and
find
out
more
there's
some
incompatibilities
of
the
way
the
technology
works,
that
we
just
want
to
bridge
and
experiment
with,
but
there's
some
underlying
problems
that
are
irrelevant,
whether
we
use
tough
or
something
else
that
we
need
to
solve.
You
know
where
the
signatures
get
stuffed
in
the
registry.
How
do
they
move
between
registries
between
repos
and
so
forth?
B
How
does
that
correlate
with
the
key
management?
If,
ultimately,
tough,
can
you
fit
into
that
great?
Nobody
is
trying
to
exclude
tough
for
an
alternative
solution.
It's
we're
trying
to
figure
out.
Does
that
really
match
and
is?
Do
we
need
that
level
of
complexity
in
the
standard?
So
that's
the
the
layered
approach
that
we're
proposing
again
it's
just
it's
an
iteration.
It's
an
experiment.
It's
not
even
a
spec!
At
this
point.
I
The
layered
approach
makes
sense
to
me,
I
think
we
and
encountered
something
similar
when
we
were
talking
about
naming,
right
and
I.
Think
one
of
the
agreements
we
came
to
there
was
that
the
signature
itself
can
have
additional
metadata,
which
could
be
used
for
additional
validation.
That
sounds
like
tough
would
be
heading
down
something
along
those
lines
where
it's
looking
at
additional
signature
metadata
to
make
decisions
rather
than
relying
on
sort
of
like.
Is
this
thing
in
like?
I
Does
this
match
the
hash
that
it
says
it
is
which
is
the
basic
primitive
around
signings
I
think
this
proposal
makes
sense,
I
think
it's
worth
looking
at,
whether
that
how
that
tough
extensibility
works
and
whether
that's
a
viable
option
or
not,
and
if
not,
what
do
we
need
to
do
to
support
that?
Yeah.
K
Tough
does
support
additional
information,
but
there's
part
of
this
also
that
I'm
a
little
I'm,
a
little
hesitant
about
which
is
part
of
what
I
kind
of
had
this
conversation
with
Steve
about
earlier
is
usually
when
you
want
to
design
a
security
system.
The
way
you
do
it
is
you
start
with
the
things
the
system
has
to
accomplish.
K
Like
the
scenarios
it
has
to
operate
in
the
security
goals
you
have
and
then,
after
that,
you
choose
the
mechanisms
that
make
sense
and
I
feel
like
some
of
this
mechanism.
Stuff
is
already
kind
of
mixed
in
ahead
of
time
into
what
it
is,
we're
trying
to
do,
and
so
I'm
I'm
trying
to
urge
that
we
before
we
say
like
well,
there's,
like
you
know,
we
thought
in
this
working
group
it'd
be
a
great
idea
to
have
this
thing
attached
here.
Let's
make
sure
that
whatever
our
solution
is,
has
that
happen?
K
I
think
this
is
getting
back
to
this
helicopters
and
ambulances
thing
I'm,
not
saying
that
what
you're
saying
is
wrong:
I'm,
not
saying
that
that
requirement
isn't
a
good
requirement.
I'm
not
saying
it
doesn't
make
sense
for
usability
I'm,
not
saying
it's
not
what
we
eventually
will
want
to
have
I'm.
Just
saying
that
you
know
I
think
our
goal
here
is
to
make
the
most
secure
best
thing
we
can
and
to
have
it
meet
the
needs
that
we
have
so
that
we
don't
end
up
having
to
do
a
notary,
3.0
design
a
year
from
now.
K
B
It's
dark,
I
excited
I
will
go
back
and
try
to
tweak
something
because
there's
no
intention
of
solution
by
any
means.
In
this
scenario,
it
was
just
a
matter
of
putting
product
enough
sketch
for
people
to
get
the
head
around.
The
piece
that
we
talked
about
this
morning
is
in
Cormack
represented
what
you
were
talking
about
and
that's
how
I
try
to
echo
back
that
scenario
of
content
that
you
know
what
the
question
is
is
a
signature
good
enough
and
the
scenarios
that
I
wrote
up
did
speak.
Two
signatures
were
the
assumption.
B
They
were
good
enough
because
I
thought
that
was
where
we're
at
it
sounds
like
we
are
looking
to
go
one
step
further
and
say
the
signature
was
that's
why
the
the
older
valid
software
is
a
perfect
example
of
this.
Is
the
signature
may
not
be
good
enough
because
the
signature
is
still
valid.
It
wasn't
revoked.
It's
still
valid.
For
that
thing,
it's
just
not
representing
what
it
currently
is
today,
so
they
I
will
tweak
it
a
bit
to
be
less
focused
on
the
signature
as
the
final
bit.
B
That
says
it's
good
enough
and
then
will
because
other
than
that
I
didn't
hear
anything
that
wears
anything
confined
around
other
than
this
is
registry
focus
they're
not
trying
to
solve
the
ability
to
have
content
stored
outside
the
registry
moved
around.
This
is
when
content
gets
into
a
registry,
it
can
move
between
registries
and
the
Securities
of
the
secured.
That's
the
sky.
K
And
just
to
add,
like
you
know,
20
seconds
on
on
of
our
discussion
before
it,
isn't
that
you
know
you
don't
do
a
signature,
because
you
want
to
do
a
signature
just
just
for
the
fun
of
it
you're
doing
a
signature,
because
you
want
to
get
a
certain
property
out.
You
want
to
know
that
this
party
says
that
this
thing
is
authentic
and
it
hasn't
been
tampered
with,
and
so
that's
really
the
level
at
which
I
think
we
need
to
be
thinking
rather
than
you
know.
Oh,
you
need
a
certificate.
K
B
I
I
think
this
is
one
where
we
probably
want
to
clarify.
What's
a
core
requirement
versus
what's
extensibility
requirement,
this
falls
under
sort
of
like
similar
to
naming
where
some
people
using
signatures
may
care
about
names,
and
some
may
not
having
one.
That's
restrictive
for
everyone.
I
think
is
definitely
not
an
implementation.
We
would
one
but
having
a
mechanism
where
people
that
care
about
naming
can
implement.
Something
would
make
sense
right,
I.
Think
a
lot
of
the
additional
sort
of
like
things
around
getting
the
right
version.
I
B
B
Annotation
is
not
a
good
word,
I
put
it
in
quotes,
so
somebody
has
a
better
word.
There
I
think
what
so,
what
I
try
to
capture
there
Justin
is.
We
had
historically
been
using
signatures
to
be
the
thing
that
was
good
enough
for
saying
is
signatures,
whether
it's
a
signature
or
something?
That's
there,
some
piece
of
string.
If
you
will
a
text
or
content
that
will
represent
this
thing
and
then
there's
a
way
to
go.
B
We
verify
that
on
the
client
and
that's
the
leveling
that
we
want
to
try
to
experiment
here,
because
the
the
ballot
we
are
a
little
concerned
around
the
usability
and
the
helicopter
is
a
good
example,
especially
in
New.
York
I
can't
really
fly
a
helicopter
and
land
it
in
the
middle
of
Fifth
Avenue
Park.
Maybe
because
there's
some
space
there
so
do
we
have
the
we
need
to
figure
out.
How
do
we
have
the
right
using
a
little
yeah.
K
And
even
just
you
know,
you
don't
have
to
I
think
if
you're
going
and
you're
saying
well,
there's
some
opaque
string
that
gets
moved
around
even
focusing
on
the
thing.
You're
moving
might
not
be
the
right
way
to
do
it.
It
would
be
to
focus
on
the
property
you
want
to
have
focus
on.
Oh,
we
want
to
make
sure
that
it
wasn't
tampered
with
that
the
patient
got
from
point
X
to
point
y.
E
K
But
you
know,
and
and
like
I,
don't
know,
I
can't
think
of
a
way
to
do
it
without
something
like
the
signature
thing
that's
being
described
here,
but
I'm.
Just
saying
that
that
you
know
stating
it
in
this
in
this
way
gives
the
flexibility
to
go,
and
you
know
have
the
ambulance
example
or
or
really
makes
it
so
that
you
can
sort
of
think
about
and
justify
why
you're
making
the
decisions
you
are
and
what
security
properties
you
get.
B
It's
very
look
at
the
end
of
the
day.
This
is
not
like
some
strict
contract.
We
contract,
where
we
know
exactly
what
the
answer
is.
We
want
we're
just
putting
it
out
for
bid
we're.
We
have
goals
what
we
believe
there's
a
bunch
of
the
reason
we
do.
This
is
a
community
not
just
because
we
need
to
move
this
between
registries,
but
because
we
want
to
tap
into
the
expertise
of
so
many
people
that
can
bring
to
this
I
mean
Ian's.
You
know
offline
key
much
when
something
I
hadn't
even
thought
about
yet.
B
B
We
all
right,
Capitan
I,
forgot,
we're
there.
So
I'll
follow
up
with
a
couple
so
Sam
and
Derick.
You
guys
had
been
working
on
this
persistence
conversation
we
wanted
to
have
a
conversation
on
Wednesday
or
a
Thursday
at
9
or
10
a.m.
if
that
works
for
you
guys.
So
if
you
could
help
in
the
notes
just
below
it,
you'll
see
Wednesday
or
Friday
at
9:00,
sorry,
Wednesday,
Thursday,
I
think
was
Wednesday
or
Friday
and
I
I
believe
Sasha
is
not
available
on
Friday.
I
B
So
Sam
I'm
gonna
put
you
Wednesday.
Can
you
said
yeah
and
others
are
welcome.
You
know
this
is
there's
no
exclusion
here.
It's
just
there
was
a
couple.
People
were
focused
specifically
on
how
we
wanted
to
there's
a
question
there
of.
How
do
we
do
some?
Do
we
need
any
changes
to
distribution,
the
distribution,
spec
and
so
I've
asked
Chris
to
create
a
fork
off
in
the
Norway
project
so
that
we
can
incubate
there,
and
if
there
is,
then
we
can
bring
that
back
and
then
the
other
part
was.